PerimeterX Code Defender

PerimeterX Code Defender is a client-side application security solution that protects your website from Magecart attacks, digital skimming, formjacking and sensitive-data-harvesting attacks by detecting malicious script execution to safeguard your users’ data.

Protect Your Users’ Data

Prevent digital skimming, formjacking and Magecart attacks from harvesting your users’ data. Get full visibility into every script execution from first-party to third-, fourth- and fifth party code.

Preserve Your Brand Reputation

Protect your brand reputation and prevent customer loss resulting from client-side attacks that skim your users’ sensitive data.

Avoid Regulatory Fines

Avoid GDPR, PCI, California Consumer Privacy Act (CCPA) and similar regulatory fines resulting from data breaches. Global penalties from breaches caused by Magecart attacks have already surpassed a billion dollars.

Protect your website from:

Case Study

With PerimeterX Code Defender we were able to get very early detection of a compromised third-party script and stop a digital skimming attack, avoiding a data breach.

CISOLarge Online Travel Agency
Read Case Study

PerimeterX Technology Platform Works With Your Existing Infrastructure

You can deploy Code Defender anywhere within your existing web infrastructure - no changes required. The out-of-band mode of operation of PerimeterX Technology Platform is compatible with any cloud-based, appliance-based or serverless infrastructure. You can integrate Code Defender into any website within minutes.

Monitor Every Execution of Every Script

Code Defender detects - in real time - malicious activity in every script execution of every user that could potentially result in data theft. It tracks and monitors web page elements to gain visibility and control of all scripts running in the context of your web application. Early detection of anomalies allows you to quickly take the best mitigation action.

Preserve Page Load Performance

The machine-learning-based PerimeterX detector processes numerous data signals collected by the Javascript JS sensor. The detector generates behavioral fingerprints to detect anomalies and continuously updates the sensor with new intelligence.

Detect Anomalies in Real Time

Code Defender is built to preserve your real users' experience and page load performance. The asynchronous execution of the JS sensor, out-of-band deployment and extremely low false-positive rates ensure quick response times and a positive experience for your users.

Investigate, Analyze and Report

Code Defender provides advanced reporting, analysis and investigation capabilities, enabling customization of thresholds and policies that map to your business needs. All of the script’s actions - interaction with the document object model (DOM), network activity and storage triggers - are captured and visualized on an intuitive timeline chart within the analyzer Code Defender dashboard. Granular details paired with the exact script activity that triggers the incident classification enables you to get a speedy resolution for security issues originating from your third-party vendors.

Ensure Continuous Proactive Protection with Always-available Security Experts

Our 24/7/365 proactive security team, which is always available via multiple channels, investigates and remedies security incidents, provides business insights and functions as an extension of your team. Our team analyzes high-priority alerts from Code Defender as they occur to enable very early detection of client-side attacks.

How Code Defender Works

  • Collect

    The sensor collects and sends hundreds of client-side indicators to the detector to create activity fingerprints and behavior baseline. The sensor operates asynchronously without slowing down your site and preserves Google page rankings.

  • Detect

    The machine learning (ML) based detector continuously learns the normal script interactions with DOM, network and storage, correlates it with customer-defined policies and updates the sensor with new intelligence. The detector maintains a repository of known script baselines for each script category, shared anonymously with all customer deployments, so any suspicious actions can be detected quickly.

  • Enforce

    Early detection thresholds can be configured according to your business needs. High-priority alerts of client-side attacks are analyzed in real time by the PerimeterX security team. Alerts have detailed context and recommendations to enable your security team to work efficiently with your business team.

  • Report

    The cloud-based management portal displays all script activity and attacks - like PII harvesting and Magecart - without overwhelming you. All of the script’s actions - interaction with the document object model (DOM), network activity and storage triggers - are captured and visualized on an intuitive timeline chart within the analyzer dashboard. Investigate attack reports and generate custom ones with the advanced reporting, analysis and investigation capabilities of the portal.

© PerimeterX, Inc. All rights reserved.